[maintainer update] chicken-4.11.0p1

[Timo Myyrä]

Hi,

Here's an patch to update chicken's irregex to 0.9.6 in order to fix
CVE-2016-9954.
details: http://lists.gnu.org/archive/html/chicken-hackers/2016-12/msg00010.html

Lightly tested on amd64 and tests pass.

Timo

Index: Makefile.inc
===================================================================
RCS file: /cvs/ports/lang/chicken/Makefile.inc,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile.inc
--- Makefile.inc        20 Aug 2016 08:56:18 -0000      1.8
+++ Makefile.inc        17 Dec 2016 09:48:01 -0000
@@ -4,7 +4,7 @@ COMMENT=        practical and portable Scheme s
 
 V=             4.11.0
 DISTNAME=      chicken-${V}
-REVISION=       0
+REVISION=       1
 
 MAINTAINER=    Timo Myyra <timo.my...@wickedbsd.net>
 
Index: core/Makefile
===================================================================
RCS file: /cvs/ports/lang/chicken/core/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- core/Makefile       20 Aug 2016 08:56:19 -0000      1.9
+++ core/Makefile       17 Dec 2016 09:48:01 -0000
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile,v 1.9 2016/08/20 08:56:19 jasper Exp $
 
-REVISION=      0
+REVISION=      1
 
 SHARED_LIBS=   chicken 5.0 # 8
 
Index: core/patches/patch-irregex-core_scm
===================================================================
RCS file: core/patches/patch-irregex-core_scm
diff -N core/patches/patch-irregex-core_scm
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ core/patches/patch-irregex-core_scm 17 Dec 2016 09:48:01 -0000
@@ -0,0 +1,82 @@
+$OpenBSD$
+Fix exponential explosion in backtrack compilation (CVE-2016-9954)
+http://lists.gnu.org/archive/html/chicken-hackers/2016-12/msg00010.html
+--- irregex-core.scm.orig      Sat Dec 17 10:34:45 2016
++++ irregex-core.scm   Sat Dec 17 10:35:00 2016
+@@ -1,6 +1,6 @@
+ ;;;; irregex.scm -- IrRegular Expressions
+ ;;
+-;; Copyright (c) 2005-2015 Alex Shinn.  All rights reserved.
++;; Copyright (c) 2005-2016 Alex Shinn.  All rights reserved.
+ ;; BSD-style license: http://synthcode.com/license.txt
+
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+@@ -30,6 +30,9 @@
+
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ;;;; History
++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
++;;                     of backtracking matcher (CVE-2016-9954).
++;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
+ ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
+ ;; 0.9.3: 2014/07/01 - R7RS library
+ ;; 0.9.2: 2012/11/29 - fixed a bug in -fold on conditional bos patterns
+@@ -3169,16 +3172,7 @@
+               ((sre-empty? (sre-sequence (cdr sre)))
+                (error "invalid sre: empty *" sre))
+               (else
+-               (letrec
+-                   ((body
+-                     (lp (sre-sequence (cdr sre))
+-                         n
+-                         flags
+-                         (lambda (cnk init src str i end matches fail)
+-                           (body cnk init src str i end matches
+-                                 (lambda ()
+-                                   (next cnk init src str i end matches fail)
+-                                   ))))))
++               (let ((body (rec (list '+ (sre-sequence (cdr sre))))))
+                  (lambda (cnk init src str i end matches fail)
+                    (body cnk init src str i end matches
+                          (lambda ()
+@@ -3203,10 +3197,21 @@
+                          (lambda ()
+                            (body cnk init src str i end matches fail))))))))
+             ((+)
+-             (lp (sre-sequence (cdr sre))
+-                 n
+-                 flags
+-                 (rec (list '* (sre-sequence (cdr sre))))))
++             (cond
++              ((sre-empty? (sre-sequence (cdr sre)))
++               (error "invalid sre: empty +" sre))
++              (else
++               (letrec
++                   ((body
++                     (lp (sre-sequence (cdr sre))
++                         n
++                         flags
++                         (lambda (cnk init src str i end matches fail)
++                           (body cnk init src str i end matches
++                                 (lambda ()
++                                   (next cnk init src str i end matches fail)
++                                   ))))))
++                 body))))
+             ((=)
+              (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre))))
+             ((>=)
+@@ -3486,11 +3491,10 @@
+                (fail))))
+         ((bow)
+          (lambda (cnk init src str i end matches fail)
+-           (if (and (or (if (> i ((chunker-get-start cnk) src))
+-                            (not (char-alphanumeric? (string-ref str (- i 
1))))
+-                            (let ((ch (chunker-prev-char cnk src end)))
+-                              (and ch (not (char-alphanumeric? ch)))))
+-                        (and (eq? src (car init)) (eqv? i (cdr init))))
++           (if (and (if (> i ((chunker-get-start cnk) src))
++                        (not (char-alphanumeric? (string-ref str (- i 1))))
++                        (let ((ch (chunker-prev-char cnk init src)))
++                          (or (not ch) (not (char-alphanumeric? ch)))))
+                     (if (< i end)
+                         (char-alphanumeric? (string-ref str i))
+                         (let ((next ((chunker-get-next cnk) src)))